Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/geary-3.38.0.1/src/client/components/components-reflow-box.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/extension.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/fts3Int.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/fts3_tokenizer.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/fts3_unicode2.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/fts3_unicodesn.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/fts3_unicodesn.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/examples/stemwords.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/include/libstemmer.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/libstemmer/libstemmer.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/libstemmer/libstemmer_utf8.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/libstemmer/modules.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/libstemmer/modules_utf8.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/runtime/api.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/runtime/api_sq3.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/runtime/header.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/runtime/utilities_sq3.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_danish.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_danish.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_dutch.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_dutch.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_english.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_english.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_finnish.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_finnish.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_french.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_french.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_german.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_german.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_hungarian.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_hungarian.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_italian.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_italian.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_norwegian.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_norwegian.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_porter.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_porter.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_portuguese.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_portuguese.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_spanish.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_spanish.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_swedish.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_1_swedish.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_2_romanian.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_ISO_8859_2_romanian.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_KOI8_R_russian.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_KOI8_R_russian.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_danish.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_danish.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_dutch.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_dutch.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_english.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_english.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_finnish.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_finnish.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_french.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_french.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_german.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_german.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_hungarian.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_hungarian.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_italian.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_italian.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_norwegian.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_norwegian.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_porter.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_porter.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_portuguese.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_portuguese.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_romanian.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_romanian.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_russian.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_russian.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_spanish.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_spanish.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_swedish.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_swedish.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_turkish.c
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/src_c/stem_UTF_8_turkish.h
Examining data/geary-3.38.0.1/src/sqlite3-unicodesn/static.c

FINAL RESULTS:

data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/examples/stemwords.c:179:32: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f_in = (in == 0) ? stdin : fopen(in, "r");
data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/examples/stemwords.c:184:35: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f_out = (out == 0) ? stdout : fopen(out, "w");
data/geary-3.38.0.1/src/sqlite3-unicodesn/fts3_unicodesn.c:392:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int n = strlen(z);
data/geary-3.38.0.1/src/sqlite3-unicodesn/fts3_unicodesn.c:448:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pCsr->nInput = (int)strlen(aInput);
data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/examples/stemwords.c:23:18: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int ch = getc(f_in);
data/geary-3.38.0.1/src/sqlite3-unicodesn/libstemmer_c/examples/stemwords.c:47:22: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ch = getc(f_in);

ANALYSIS SUMMARY:

Hits = 6
Lines analyzed = 30114 in approximately 2.00 seconds (15073 lines/second)
Physical Source Lines of Code (SLOC) = 27739
Hits@level = [0] 21 [1] 4 [2] 2 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 27 [1+] 6 [2+] 2 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.973359 [1+] 0.216302 [2+] 0.0721007 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.